Setting up DNSMasq instead of BIND for bulletproof internal DNS resolution (SplitDNS)

  1. #1
    Cine (ZeXtras Community Manager, ZeXtras Employee)
    Join Date
    Apr 2011
    Posts
    2,323

    Setting up DNSMasq instead of BIND for bulletproof internal DNS resolution (SplitDNS)

    This guide will guide you through the setup of DNSMasq in order to achieve the following:
    - When the Zimbra server performs a DNS query for the A record of the Public Service Hostname of one of the hosted domains, answer with the LAN IP of the server itself.
    - When the Zimbra server performs a DNS query for the MX record of one of the hosted domains, answer with the LAN IP of the server itself.
    - When the Zimbra server performs any other DNS query, let another DNS server manage it.
    - Let DNSMasq only bind to the interface it's using, so that other DNS servers can be run on the server if needed.

    Why DNSMasq instead of BIND?
    One word: SIMPLICITY.
    BIND is a full-fledged DNS server that can perform the roles of both an Authoritative and a Recursive nameserver, but chances are that you don't need this, as you probably already have an authoritative server for your domain - for example the one of your domain Registrar or a local Active Directory server - and one or more Recursive nameservers, either internal, provided by your ISP or by a dedicated DNS service such as OpenDNS. So why use it when DNSMasq, a lightweight DNS forwarder, can let you achieve a Split DNS situation in a much easier way?

    Our Example Environment:
    192.168.0.2 is the LAN IP of your server
    mail.domain.com is the hostname of the server
    domain.com is the main mail domain
    domain2.com is an additional mail domain
    8.8.8.8 and 8.8.4.4 are the DNS servers you want to use (in this case, Google's public DNS servers)

    Config Files:
    /etc/resolv.conf
    Code:
    nameserver 192.168.0.2
    DNSMasq will bind on the local address to answer DNS queries.

    /etc/resolv.dnsmasq
    Code:
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    We'll instruct DNSMasq to answer just some queries, and in the way we want, while all other queries will be forwarded to these servers.

    /etc/dnsmasq.conf (the file is quite large, I'll only write the config elements relevant to this guide)
    Code:
    address=/mail.domain.com/192.168.0.2
    resolv-file=/etc/resolv.dnsmasq
    except-interface=lo
    listen-address=192.168.0.2
    bind-interfaces
    This sets up DNSMasq to listen on the local IP address and to only bind on the interface it's listening on. Also, it forces it to answer any A-record DNS requests for mail.domain.com with the LAN IP. This is a "naive" trick that allows you to provisionally use the same hostname on two servers without any issues of any sort.

    In the same file, add one line like the following for each domain on your server:
    Code:
    mx-host=domain.com,mail.domain.com,10
    These lines instruct DNSMasq to always return "mail.domain.com" as the MX record for your domains which, if your /etc/hosts file is correctly configured, will always point to the local server (DNSMasq will then forward any other request to the DNS servers in the resolv.dnsmasq file).


    Service Restart and check:
    Restart DNSMasq with
    Code:
    /etc/init.d/dnsmasq restart
    and check that
    Code:
    dig mx domain.com
    returns the local hostname/address.

    Also, make sure that the server can correctly resolve any other IP through the servers specified in /etc/resolv.dnsmasq

    Additional dnsmasq.conf options:
    - To specify an Authoritative server for a domain:
    Code:
    server=/domain.com/10.0.0.1
    with 10.0.0.1 being the IP of the Authoritative DNS for domain.com

    - To specify a Reverse DNS resolution (PTR Record) for a domain:
    Code:
    server=/192.168.in-addr.arpa/192.168.100.1
    - Log all the DNS queries (for debugging purposes)
    Code:
    log-queries
    - Locally return an SPF record for a domain
    Code:
    txt-record=zextras.com,"v=spf1 mx -all"
    Last edited by Cine; 02-01-2013 at 05:06 PM.
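As an added example (not part of Cine's post, nor code from ZeXtras or the dnsmasq project), here is a small Python checker that parses a dnsmasq.conf written along the lines above and reports the mistakes that break this split-DNS setup: an mx-host target with no matching address= entry for the LAN IP, listen-address without bind-interfaces, and a missing resolv-file. The sample configuration is constructed from the values used in the guide.

```python
import re

# Constructed sample modelled on the post's /etc/dnsmasq.conf (not the page's own file)
SAMPLE_CONF = """\
address=/mail.domain.com/192.168.0.2
resolv-file=/etc/resolv.dnsmasq
except-interface=lo
listen-address=192.168.0.2
bind-interfaces
mx-host=domain.com,mail.domain.com,10
mx-host=domain2.com,mail.domain.com,10
"""

def parse_conf(text):
    """Split dnsmasq.conf into bare flags (set) and key=value options (key -> list of values)."""
    flags, options = set(), {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        if "=" in line:
            key, val = line.split("=", 1)
            options.setdefault(key.strip(), []).append(val.strip())
        else:
            flags.add(line)
    return flags, options

def check_split_dns(text, lan_ip):
    """Return a list of problems; an empty list means the split-DNS setup is consistent."""
    flags, opts = parse_conf(text)
    problems = []
    # address=/host/ip entries are the names dnsmasq answers by itself
    local = {}
    for val in opts.get("address", []):
        m = re.fullmatch(r"/([^/]+)/(\S+)", val)
        if m:
            local[m.group(1)] = m.group(2)
    # mx-host=<domain>,<hostname>,<pref>: the hostname must map to the LAN IP, or mail leaves the box
    for val in opts.get("mx-host", []):
        parts = [p.strip() for p in val.split(",")]
        domain = parts[0]
        target = parts[1] if len(parts) > 2 else ""
        if local.get(target) != lan_ip:
            problems.append(f"mx-host for {domain}: target '{target}' is not address=-mapped to {lan_ip}")
    if "listen-address" in opts and "bind-interfaces" not in flags:
        problems.append("listen-address without bind-interfaces: dnsmasq still binds the wildcard socket")
    if "resolv-file" not in opts:
        problems.append("no resolv-file: upstreams come from /etc/resolv.conf, which points back at dnsmasq")
    return problems
```

Run check_split_dns(open("/etc/dnsmasq.conf").read(), "192.168.0.2") on the real file after editing it; the /etc/hosts fallback the post mentions is not checked here, so a target served only from /etc/hosts is reported too.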

  2. #2
    Junior Member
    Join Date
    Jun 2017
    Posts
    2

    Some help with DNSmasq

    Test about DNSmasq

  3. #3
    Junior Member
    Join Date
    Jun 2017
    Posts
    2

    Some help with DNSmasq

    Hi there.


    I hope you check this post once in a while.

    Well, I'm trying to learn about DNSmasq, so I just share an Internet connection with an old laptop without WiFi but with an ethernet
    connection (RJ45) as well.

    First I tried to follow these instructions: Configurar un server para compartir internet a modo router


    From LapTop-1, I just type:

    #more /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth9
    iface eth9 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    gateway 192.168.0.1




    I have one Desktop with two ethernet connections

    eth6 Link encap:Ethernet
    inet addr:192.168.1.87 Bcast:192.168.1.255 Mask:255.255.255.0 <---- Internet connection from DSL/Router

    eth8 Link encap:Ethernet
    inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 <--- To LapTop-1




    From Desktop, I just type:

    #more /etc/network/interfaces

    auto lo
    iface lo inet loopback

    auto eth6
    iface eth6 inet dhcp

    auto eth8
    iface eth8 inet static
    address 192.168.0.1
    netmask 255.255.255.0
    broadcast 192.168.0.255



    I just typed these instructions as root:

    1.- nano /etc/sysctl.conf
    net.ipv4.ip_forward=1 (save without # sign, line uncommented)

    2.- iptables -t nat -A POSTROUTING -o eth6 -j MASQUERADE

    3.- apt-get install dnsmasq

    4.- nano /etc/dnsmasq.conf

    listen-address=192.168.0.1 (save without # sign, line uncommented)
    bind-interfaces (save without # sign, line uncommented)
    dhcp-range=192.168.0.2,192.168.0.254,12h (save without # sign, line uncommented)

    5.- /etc/init.d/dnsmasq restart

    6.- nano share1.sh
    #!/bin/sh
    iptables -t nat -A POSTROUTING -o eth6 -j MASQUERADE


    7.- chmod 700 firewall.sh
    8.- chown root:root firewall.sh

    9.- nano /etc/init.d/rc.local
    /etc/share1.sh <-- Add this line at the end


    On the LapTop I just type:

    root@Laptop-1:/home/Laptop-1#ip route default via 192.168.0.1


    On the Desktop it appears as:
    root@Drunkss:/home/Desktop# ip route show
    default via 192.168.1.254 dev eth6
    192.168.0.0/24 dev eth8 proto kernel scope link src 192.168.0.1
    192.168.1.0/24 dev eth6 proto kernel scope link src 192.168.1.87

    My LapTop couldn't connect to Internet.

    Some ideas?

    Thanks in advance.
